Clinical informatics adoption may account for increases in data breaches

According to a report published by the Department of Health and Human Services (DHHS), there may be a direct correlation between the increasing adoption of medical informatics systems and breaches of patient health information (PHI).

The report's release follows a recent audit by the Health and Human Services Office of the Inspector General, which revealed the operational difficulties healthcare organizations have experienced in reporting lapses of data security. According to the DHHS report, which was submitted to Congress, 45 instances of unauthorized access to PHI were reported between September and December 2009. That figure increased to 207 reports of breaches in data security in 2010.

Theft was cited as a primary motivating factor in many of the reports. The report also detailed an instance where a “phishing” scam – where illegitimate users pose as trusted sources in order to gain access to sensitive data – was employed to access the electronic health records of more than 610 individuals. An employee at the healthcare facility in question was allegedly duped into providing login credentials to an unauthorized user.

“You would naturally expect to see a correlation in the uptick of electronic data theft and the adoption of electronic health records,” Lisa Gallagher, the Healthcare Information and Management Systems Society’s senior director of privacy and security, told Information Week. “The more individuals’ health records are in electronic form, the more of a possibility that even one particular breach would cover a bigger number of records.”

The authors of the DHHS study said that the reporting protocols mandated as part of the Health Information Technology for Economic and Clinical Health Act served a dual purpose of providing transparency to consumers and the public, as well as encouraging accountability among healthcare providers.